News & Resources

British Airways data breaches

  • Posted on

British Airways (BA) has been the subject of a slew of data protection failures over the past few years.

In 2018 the airline company suffered a significant breach of their systems with the personal and financial details of almost 400,000 customers being impacted, making it one of the most severe cyber-attacks in UK history.

The Information Commissioners Office fined British Airways, and its parent company, International Airlines Group (IAG), a record £183.39 million, the highest fine the ICO has ever levelled at a company for a data breach.

In terms of the data that was breached, the ICO found "that a variety of information was compromised by poor security arrangements at [BA], including log in, payment card, and travel booking details as well name and address information.”

In response to this fine, Alex Cruz, British Airways’ chairman and chief executive, said:

We are surprised and disappointed in this initial finding from the ICO.

British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused.

A further breach of their systems took place in July 2019 and involved BA’s e-ticketing system. Security researchers uncovered unencrypted links which could allow attackers to intercept and change the flight booking details and personal information of passengers.

This vulnerability in the e-ticketing system might have also exposed sensitive passenger information such as names, email addresses, phone numbers and more.

Over the six-month period that these links were unencrypted, an estimated 2.5 million connections were made to the British Airways domains, making the potential impact quite significant.

According to BA, passport and payment information can’t be accessed through these links and there was no evidence that any customer information was actually taken.

A British Airways spokesperson said of the incident:

We take the security of our customers’ data very seriously.

Like other airlines, we are aware of this potential issue and are taking action to ensure our customers remain securely protected.

Our expertise with data breaches

Hayes Connor is home to one of the largest team of data breach claims specialists in the country. With a wealth of experience and an excellent track record of success, we can guide clients through dealing with any situation where personal data has been lost, stolen or otherwise exposed.

If your data has been exposed or potentially exposed in a data breach, you can take a look at our guide to what to do if your data has been stolen in a data breach.

You can find out more about our expertise and how we handle data breach claims here.

To see how we can help with a data breach, you can use our online claim form or speak to a member of our team by calling 0151 363 5895.

Contact us